Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Slides:



Advertisements
Similar presentations
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Advertisements

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul
Towards Software Defined Cellular Networks
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Toward Practical Integration of SDN and Middleboxes
SIMPLE-fying Middlebox Policy Enforcement Using SDN
Agenda Product Overview Hardware Interfaces Software Features
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
Toward Practical Convergence of Middleboxes and Software-Defined Networking Vyas Sekar Joint work with: Seyed Kaveh Fayazbakhsh, Zafar Qazi, Luis Chiang,
Software-Defined Networking, OpenFlow, and how SPARC applies it to the telecommunications domain Pontus Sköldström - Wolfgang John – Elisa Bellagamba November.
SDN: Extensions Middleboxes 1 Ack: Vyas Sekar, Aaron Gember, Felipe Huici, Zafar Qazi.
Design and Implementation of a Consolidated Middlebox Architecture 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
Software Defined Networking COMS , Fall 2013 Guest Speaker: Seyed Kaveh Fayazbakhsh Stony Brook University 11/12/2013: SDN and Middleboxes.
15-744: Computer Networking
MSIT 458: Information Security & Assurance By Curtis Pethley.
1 A Policy-aware Switching Layer for Data Centers Dilip Joseph Arsalan Tavakoli Ion Stoica University of California at Berkeley.
Data Center Middleboxes Hakim Weatherspoon Assistant Professor, Dept of Computer Science CS 5413: High Performance Systems and Networking November 24,
Software-Defined Networking
MIGRATION FROM SCREENOS TO JUNOS based firewall
The Middlebox Manifesto: Enabling Innovation in Middlebox Deployment 1 Vyas SekarSylvia RatnasamyMichael ReiterNorbert Egi Guangyu Shi.
SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,
EWAN Equipment Last Update Copyright 2010 Kenneth M. Chipps Ph.D. 1.
Cellular Core Network Architecture
Opportunities in Middlebox Virtualization Prof. Anat Bremler-Barr IDC Herzliya Supported by European Research Council (ERC) Starting.
Enabling Innovation Inside the Network Jennifer Rexford Princeton University
Software-Defined Networks Jennifer Rexford Princeton University.
Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar Stanford University In collaboration with Martin Casado and Scott.
Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
Cloud Scale Performance & Diagnosability Comprehensive SDN Core Infrastructure Enhancements vRSS Remote Live Monitoring NIC Teaming Hyper-V Network.
FUTURE OF NETWORKING SAJAN PAUL JUNIPER NETWORKS.
Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags Seyed K. Fayazbakhsh *, Luis Chiang ¶, Vyas Sekar *, Minlan.
Extending SDN to Handle Dynamic Middlebox Actions via FlowTags (Full version to appear in NSDI’14) Seyed K. Fayazbakhsh, Luis Chiang, Vyas Sekar, Minlan.
Programming Languages for Software Defined Networks Jennifer Rexford and David Walker Princeton University Joint work with the.
A survey of SDN: Past, Present and Future of Programmable Networks Speaker :Yu-Fu Huang Advisor :Dr. Kai-Wei Ke Date:2014/Sep./30 1.
Aaron Gember, Theophilus Benson, Aditya Akella University of Wisconsin-Madison.
CellSDN: Software-Defined Cellular Core networks Xin Jin Princeton University Joint work with Li Erran Li, Laurent Vanbever, and Jennifer Rexford.
Copyright © 2014 Juniper Networks, Inc. 1 Juniper Unite Cloud-Enabled Enterprise Juniper’s Innovation in Enterprise Networks.
Improving Network Management with Software Defined Network Group 5 : z Xuling Wu z Haipeng Jiang z Sichen Wu z Aparna Sanil.
SIMPLE-fying Middlebox Policy Enforcement Using SDN
Jennifer Rexford Princeton University MW 11:00am-12:20pm SDN Programming Languages COS 597E: Software Defined Networking.
FlowTags: Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions Author: Seyed Kaveh Fayazbakhsh, Vyas Sekar, Minlan Yu and Jeffrey.
SIMPLE-fying Middlebox Policy Enforcement Using SDN Zafar Ayyub Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar, Rui Miao, Minlan Yu Presenter : ChoongHee.
Design and Implementation of a Consolidated Middlebox Architecture (CoMb) Vyas Sekar, Norbert Egi, Sylvia Ratnasamy Michael K. Reiter, Guangyu Shi Intel.
I2RS Overlay usecase 1 Fangwei hu Bhumip Khasnabish.
Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.
Craig Farrell CTO Telecom IBM. Why to operators want SDN and NFV? Definitions SDN: Separate control/management & data plane of switches Centralization.
Software Defined Networking BY RAVI NAMBOORI. Overview  Origins of SDN.  What is SDN ?  Original Definition of SDN.  What = Why We need SDN ?  Conclusion.
Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul
Ready-to-Deploy Service Function Chaining for Mobile Networks
Xin Li, Chen Qian University of Kentucky
SDN challenges Deployment challenges
Yotam Harchol The Hebrew University of Jerusalem
SDN Network Updates Minimum updates within a single switch
A Survey of Network Function Placement
Abstractions for Network Functions
15-744: Computer Networking
The DPIaaS Controller Prototype
Hydra: Leveraging Functional Slicing for Efficient Distributed SDN Controllers Yiyang Chang, Ashkan Rezaei, Balajee Vamanan, Jahangir Hasan, Sanjay Rao.
15-744: Computer Networking
Week 11 Software Defined Networking (SDN): Use-Cases
of Dynamic NFV-Policies
Stanford University Software Defined Networks and OpenFlow SDN CIO Summit 2010 Nick McKeown & Guru Parulkar In collaboration with Martin Casado and Scott.
Software Defined Networking (SDN)
Programmable Networks
SDN + NetSec Vyas Sekar.
Lecture 21, Computer Networks (198:552)
Presentation transcript:

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu

Type of applianceNumber Firewalls166 Intrusion detection127 Media gateways110 Load balancers67 Proxies66 VPN gateways45 WAN Optimizers44 Voice gateways11 Total Middleboxes636 Total routers~900 Why middleboxes? Data from a large enterprise Survey across 57 network operators Critical for security, performance, compliance But painful to manage 2

Why should SDN community care? 3 Aug ONF report – “integrate into production networks” – “APIs for functions market views as important” Survey on SDN adoption [Metzler 2012] – “use cases that justify deployment” – “add a focus on Layer 4 through Layer 7 functionality … change in the perceived value of SDN.” Middleboxes: Necessity and Opportunity for SDN

4 Goal: SDN + Middlebox integration Centralized Controller “ Flow ” FwdAction …… “ Flow ” FwdAction …… Can we achieve SDN-Middlebox integration: with existing SDN APIs? with unmodified middleboxes? Open APIs

Challenges in SDN-MB integration 5 S1 S2 S4 S3 Proxy IDS Firewall Pkt, S2—S4: IDS or Dst ? Resource constraints Traffic modifications Policy composition FirewallIDSProxy IDS1 = 50% IDS2 = 50% Are forwarding rules correct? Proxy may modify traffic Space for traffic split? Simple flow rules may not suffice!

Recap: Three main challenges Policy composition 6 Is there enough rule space? Correctness? Flow rules may not suffice New dimensions beyond Layer 2-3 tasks Traffic modifications Resource constraints

2= Post Firewall Composition  Tag Processing State 7 Firewall Proxy IDS 1=None 3=Post IDS 4 = Post Proxy S2 S4 Use “state” tags in addition to header, interface info

Resource constraints  Joint Optimization 8 Resource Manager Topology & Traffic Switch TCAM Middlebox Hardware Policy Spec Optimal & Feasible load balancing Theoretically hard, but have practical near-optimal heuristics

FW IDS Proxy Web Rule Generator (Processing state tags, Switch tunnels) Resource Manager (Scalable joint optimization) Modifications Handler (Infer flow correlations) NIMBLE System Overview Legacy Middleboxes OpenFlow-capable OpenFlow 1.0 FlowTag/TunnelAction …… FlowTag/TunnelAction …… POX extensions OpenvSwitch

Benefits: Load balancing 10 Nimble Today 4-7X better load balancing without modifying middleboxes Low overhead: 0.1s to reconfigure after failure/overload

SDN + Middlebox Convergence 11 High OpEx Inflexible High CapEx COMB Consolidation [NSDI ‘12] ONS Poster APLOMB Cloud Outsourcing [SIGCOMM’12] NIMBLE Practical Integration [today’s talk] Middlebox pain points

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.